/*package net.mysoft.budgetsoft.system.security;

import org.apache.log4j.Logger;

import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntPathRequestMatcher;
import org.springframework.security.web.util.RequestMatcher;
import org.springframework.stereotype.Component;

import com.kangrui.domain.model.Permission;
import com.kangrui.domain.model.Role;
import com.kangrui.service.PermissionService;
import com.kangrui.service.RoleService;

*//**
 * 
 *
 * Description: 资源源数据定义，将所有的资源和权限对应关系建立起来，即定义某一资源可以被哪些角色访问
 *
 * @author kangrui
 * @version 1.0
 * <pre>
 * Modification History: 
 * Date         Author      Version     Description 
 * ------------------------------------------------------------------ 
 * 2013-12-19    kangrui       1.0        1.0 Version 
 * </pre>
 *//*
@SuppressWarnings("unused")
@Component("securityMetadataSource")
public class SecurityMetadataSource implements
		FilterInvocationSecurityMetadataSource {
	*//**
	 * Logger for this class
	 *//*
	private static final Logger log = Logger.getLogger(SecurityMetadataSource.class);
	
	private Map<RequestMatcher, Collection<ConfigAttribute>> requestMap = new HashMap<RequestMatcher, Collection<ConfigAttribute>>();;
	@Resource
	private PermissionService permissionService;
	@Resource
	private RoleService roleService;
	
	@PostConstruct
    private void loadMetadataInfo() {
		log.info("初始化map<资源， 角色s>...");
        List<Permission> permissions = permissionService.selectPermissionsWithRole();//获取数据库中所有的资源实体
        for(Permission res:permissions){
            Set<ConfigAttribute> allAttributes = new HashSet<ConfigAttribute>();
            List<Role> roles = res.getRoles();//获取该资源对应的访问角色
            for(Role role:roles){
                allAttributes.add(new SecurityConfig(role.getName()));
            }
            RequestMatcher key = new AntPathRequestMatcher(res.getUrl()+"/**");
            requestMap.put(key, allAttributes);
        }
    }
    
    *//**
     * 获取所有的角色信息
     * @return
     *//*
    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        Set<ConfigAttribute> allAttributes = new HashSet<ConfigAttribute>();
        List<Role> roles = roleService.selectAll();//获取库中所有的角色实体
        for(Role role:roles){
            allAttributes.add(new SecurityConfig(role.getName()));
        }
        return allAttributes;
    }
    
    *//**
     * 获取有权限访问某个请求的所有角色
     * @param object
     * @return
     * @throws IllegalArgumentException
     *//*
    @Override
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
        HttpServletRequest request = ((FilterInvocation) object).getRequest();
        for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry:requestMap.entrySet()) {
            if (entry.getKey().matches(request)) {
                return entry.getValue();
            }
        }
        return null;
    }
    
    @Override
    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }
}
*/